403 Forbidden

Discussion in '3CX Phone System - General' started by Tomas Raska, Sep 18, 2017.

Thread Status:
Not open for further replies.
  1. Tomas Raska

    Joined:
    Aug 18, 2017
    Messages:
    58
    Likes Received:
    6
    Hello, we have VPN Tunnel to our Office where is LAN 150.160.100.0/24.
    Problem is, autoprovisioning is not working.
    3cx web server write "403 Forbidden".
    I tried change in 3CX Parameters "LOCALSUBNETS", but still not working.

    Where I can add our subnets to webserver?
     
  2. Saqqara

    Saqqara Active Member

    Joined:
    Mar 12, 2014
    Messages:
    877
    Likes Received:
    135
    Untick ' Disallow use of extension outside the LAN' against each extension.
     
  3. Tomas Raska

    Joined:
    Aug 18, 2017
    Messages:
    58
    Likes Received:
    6
  4. Tomas Raska

    Joined:
    Aug 18, 2017
    Messages:
    58
    Likes Received:
    6
    Configuration is in File nginx.conf
    Here are some Allowed LANs and every others are Blocked
     
  5. IoannisM_3CX

    IoannisM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Aug 10, 2017
    Messages:
    228
    Likes Received:
    17
    Hello @Tomas Raska,

    Please do note that altering the Parameters of PBX is highly not recommended, set back the value to the default IP ranges and we will try to troubleshoot your issue.

    Firstly, clarify what exactly is the topology of your network, how doe sthe VPN Tunnel works, where are the phones, where is the PBX etc.
    Secondly try posting the below address to your browser and let me know the outcome 127.0.0.1:5004

    Have you made any other alteration to your system?

    Thank you, i 'll be waiting for your feedback.
     
  6. Tomas Raska

    Joined:
    Aug 18, 2017
    Messages:
    58
    Likes Received:
    6
    Hello 3CX
    Our PBX is in subnet 10.X.X.X/255.255.254.0 and Phones in subnet 150.z.z.z/255.255.255.0
    in our VPN is everything allowed, every communication between subnets.

    And in 3cx webserver in nginx.conf ist subnet 150.z.z.z/24 not as allowed - is deny, when i write this subnet as allowed, everything is fine
    Provisioning work and too admin interface work. Without this subnet in nginx.conf web server write "403 forbidden"

    This is in nginx.conf (default)


    allow 192.168.0.0/16;
    allow 172.16.0.0/12;
    allow 10.0.0.0/8;
    allow 127.0.0.1;
    deny all;

    When I type on 3cx server 127.0.0.1:5004, after login come in to admin interface.

    My questions are:
    When I change parameters LOCALSUBNETS, why is not upgraded web server configuration?
    What parameters I must change to allow web server to communicate with my subnet?
     
  7. IoannisM_3CX

    IoannisM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Aug 10, 2017
    Messages:
    228
    Likes Received:
    17
    Hello @Tomas Raska,

    Please note that IP ranges beyond the above four configured ranges, are IPs outside of the RFC standards (see reference here). Changing Nginx 's default configuration file did the trick for you but please do note that this is highly not recommended as well as when you make this kind of changes you become unsupported. The parameters you altered in PBX are concern only the PBX, this does not alters anything in the Webserver 's configuration.

    Thank you
     
    #7 IoannisM_3CX, Sep 18, 2017
    Last edited: Sep 18, 2017
Thread Status:
Not open for further replies.